Exemplo n.º 1
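/**
 * Echo one menu entry as an <li>, followed by a nested <ul> of its active child pages.
 *
 * Child pages are read from C_PAGE_TBL (rows whose parent is $siteid) and rendered by
 * calling this function recursively. An entry without a URL is rendered as a link to
 * the "smodul" page and its children are not rendered.
 *
 * @param mixed  $siteid       Page id; also the key used to look the label up in $a.
 * @param string $siteurl      Target URL of the entry ("" for module pages).
 * @param string $sitetarget   '_self', '_external', or anything else (opens via window.open).
 * @param array  $a            Map of page id => label text.
 * @param mixed  $Display      Visibility level matched against the `display` column.
 * @param string $AdminDisplay Extra SQL condition appended to the visibility filter.
 * @return void
 */
function WriteMenu($siteid, $siteurl, $sitetarget, $a, $Display, $AdminDisplay)
{
    $DbLink2 = new DB();
    // The display column is only ever compared with numeric literals here, so the
    // caller-supplied level is forced to an integer before it reaches the SQL text.
    $displayLevel = (int) $Display;
    // NOTE(review): $AdminDisplay is spliced in as raw SQL. It must only ever be a
    // fixed literal chosen by the caller, never request data. The parent id relies
    // on cleanQuery(), whose escaping is not visible here; a bound parameter would
    // remove that dependency if the DB wrapper supports one.
    $DbLink2->query("SELECT id,url,target FROM " . C_PAGE_TBL . " Where parent = '" . cleanQuery($siteid) . "' and active='1' and ((display='{$displayLevel}') or (display='2') " . $AdminDisplay . ") ORDER BY rank ASC ");

    // NOTE(review): the label is emitted as-is, as before; confirm $a never carries
    // user-controlled text, otherwise it needs HTML escaping too.
    $label = isset($a[$siteid]) ? $a[$siteid] : '';
    $idParam = urlencode((string) $siteid);

    if ($siteurl == "") {
        // The original emitted href=\index.php...\" (missing opening quote), which
        // produced a malformed attribute; the quote is restored here.
        echo "<li><a href=\"index.php?&amp;page=smodul&amp;id={$idParam}&amp;btn={$idParam}\"><span>{$label}</span></a></li>";
        return;
    }

    // URLs come from the page table and are attribute-escaped on output.
    // double_encode=false keeps entities that are already stored encoded.
    // NOTE(review): the URL scheme itself is not validated here.
    if ($sitetarget == '_self') {
        $isCurrent = isset($_GET['btn']) && $_GET['btn'] == $siteid;
        if ($isCurrent) {
            $anchor = '<a href="#">';
        } else {
            $anchor = '<a href="' . htmlspecialchars($siteurl . '&btn=' . $idParam, ENT_QUOTES, 'UTF-8', false) . '">';
        }
    } elseif ($sitetarget == '_external') {
        $anchor = '<a href="' . htmlspecialchars($siteurl, ENT_QUOTES, 'UTF-8', false) . '">';
    } else {
        // The URL sits inside a JavaScript string inside an HTML attribute, so it is
        // JSON-encoded first and the whole handler is attribute-escaped afterwards.
        $jsUrl = json_encode((string) $siteurl, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($jsUrl === false) {
            $jsUrl = '""';
        }
        $anchor = '<a href="#" onclick="' . htmlspecialchars("window.open(" . $jsUrl . ",'mywindow','')", ENT_QUOTES, 'UTF-8') . '">';
    }

    echo "<li>" . $anchor . "<span>{$label}</span></a>";
    if ($DbLink2->num_rows() > 0) {
        echo "<ul>";
        while (list($childId, $childUrl, $childTarget) = $DbLink2->next_record()) {
            WriteMenu($childId, $childUrl, $childTarget, $a, $Display, $AdminDisplay);
        }
        echo "</ul>";
    }
    echo "</li>";
}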
Exemplo n.º 2
            $result = mysqli_query($mysqli, $sql);
            if (mysqli_num_rows($result) != 0) {
                echo '<div class="error" id="errorr" >Email Id Already Registered.</div>';
            } else {
                $sql1 = "select * from referrals where email= '" . $email2 . "'";
                $result1 = mysqli_query($mysqli, $sql1);
                if (mysqli_num_rows($result1) != 0) {
                    echo '<div class="error">Email Id Already Reffered.</div>';
                }
            }
        }
    } else {
        if ($email2 != "") {
            echo '<div class="alert">Invalid email Address.</div>';
        }
    }
}
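// Availability check for a contact value passed in the query string.
if (isset($_GET['contact'])) {
    $contact2 = cleanQuery($_GET['contact']);
    if ($contact2 != "") {
        // NOTE(review): this statement is assembled by concatenation; its safety rests
        // entirely on cleanQuery() (not shown) and on $tablename never being derived
        // from request data. A prepared statement with a bound contact value would
        // remove the first dependency.
        $sql = "select * from  " . $tablename . "   where contact= '" . $contact2 . "'";
        $result = mysqli_query($mysqli, $sql);
        if ($result === false) {
            // A failed query used to fall through to the "== 0" branch and report the
            // contact as available; fail closed instead.
            echo '<div class="error">Unable to check contact</div>';
        } elseif (mysqli_num_rows($result) == 0) {
            echo '<div class="success">Contact available</div>';
        } else {
            echo '<div class="error">Contact Already Exists</div>';
        }
    }
}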
Exemplo n.º 3
    $smarty->assign('mygroup', '');
}
// Request bootstrap: collect the `action` and `query` arrays from the request, hand
// them to the template, enforce the login check, then build the $user capability map.

// Only array-shaped input is accepted; anything else is replaced by an empty array.
// $_REQUEST can be fed from the URL, the body or cookies depending on PHP's
// request_order setting.
$action = array();
if (isset($_REQUEST['action']) && is_array($_REQUEST['action'])) {
    $action = $_REQUEST['action'];
} else {
    $action = array();
}
// NOTE(review): $action reaches the template unmodified; confirm the template
// escapes it on output.
$smarty->assign('action', $action);
$query = array();
if (isset($_REQUEST['query']) && is_array($_REQUEST['query'])) {
    $query = $_REQUEST['query'];
} else {
    $query = array('querypiece' => array());
}
// The return value is discarded, so this only has an effect if cleanQuery() takes its
// argument by reference. TODO confirm against its definition.
cleanQuery($query);
$query['queryid'] = empty($_SESSION['counter']) ? 0 : $_SESSION['counter'];
$query = prepare_html_query($query);
// A collection id of '-1' switches the page to SOAP results.
$config['soapresults'] = !empty($query['collectionid']) && $query['collectionid'] == '-1' ? true : false;
$smarty->assign('config', $config);
// The login gate runs after the request values above were assigned to the template,
// so the login template is rendered with them already set.
if (!$valid_login) {
    $logins->logout();
    $smarty->display($config['skin'] . '/login.tpl');
    exit;
}
$admin = $logins->isInGroup($config['authdomain'], $config['admingroup']);
$editor = $logins->isInGroup($config['authdomain'], $config['editorgroup']);
// Administrators implicitly hold the editor role.
if ($admin) {
    $editor = true;
}
// Capability flags. Each of the last three entries parses as
//   ($admin || ((setting == 'editor' ? $editor : 0) | (setting == 'user'))) ? 1 : 0
// because == binds tighter than |, which binds tighter than ||, which binds tighter
// than ?:. The flag is 1 for admins, for editors when the setting is 'editor', and
// for everyone when the setting is 'user'.
$user = array('login' => $logins->getUID($config['authdomain']), 'editor' => $editor ? 1 : 0, 'admin' => $admin ? 1 : 0, 'usemygroup' => $admin || ($config['usemygroup'] == 'editor' ? $editor : 0) | $config['usemygroup'] == 'user' ? 1 : 0, 'editgroup' => $admin || ($config['editgroup'] == 'editor' ? $editor : 0) | $config['editgroup'] == 'user' ? 1 : 0, 'insertimage' => $admin || ($config['insertimage'] == 'editor' ? $editor : 0) | $config['insertimage'] == 'user' ? 1 : 0);
 // Result buffers for the search run. NOTE(review): each descriptive comment below
 // appears to belong to the statement above it (trailing comments moved onto their
 // own line), so the first one refers to a line outside this excerpt.
 //original results (may contain duplicates)
 $bingResultsOrig = array();
 //original results (may contain duplicates)
 $blekkoResults = array();
 //results with duplicates removed
 $googleResults = array();
 //results with duplicates removed
 $bingResults = array();
 //results with duplicates removed
 $aggregatedResults = array();
 //array to store aggregated results in
 $synonyms = array();
 //array to store synonyms retrieved
 //CLEAN THE QUERY STRING FOR SUGGEST WORDS
 // Read without an isset() check, so a request with no `query` field raises a notice
 // and passes null to cleanQuery().
 $queryEntered = $_POST['query'];
 $cleanedQuery = cleanQuery($queryEntered);
 //******************************************************************************
 //Turn off Warning-reporting for the following warning on CSSERVER:
 //Warning: file_get_contents() [function.file-get-contents]:
 //              SSL: fatal protocol error in ...
 //error_reporting(E_ERROR | E_PARSE);
 // NOTE(review): level 0 silences every error for the rest of the request, not only
 // the SSL warning described above. Failures in the later fetches will be invisible
 // unless errors are logged some other way.
 error_reporting(0);
 //******************************************************************************
 //******************************************************************************
 //IF WORD SUGGESTIONS HAVE BEEN REQUESTED DISPLAY ALTERNATIVES
 if (isset($_POST['reWrite']) && $_POST['reWrite'] != '') {
     //ONLY WANT THE FIRST WORD FOR OUR LOOKUP
     $firstQueryWord = getFirstWord($cleanedQuery);
     //LOOKUP THE WORD
     getSynonyms($firstQueryWord, $synonyms);
     //INCLUDE PHP FUNCTION WHICH CREATES A FORM BASED ON THE SYNONYM ARRAY
Exemplo n.º 5
<?php

include "../../settings/config.php";
include "../../settings/databaseinfo.php";
include "../../settings/json.php";
include "../../settings/mysql.php";
include "../../languages/translator.php";
include "../../templates/templates.php";
$DbLink = new DB();
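// Fetch the public profile for ?name=... from the WebUI backend.
// The key was previously written as the bare word `name`, which PHP 8 treats as an
// undefined constant; it is now a quoted string key, and non-string input is rejected.
if (!empty($_GET['name']) && is_string($_GET['name'])) {
    // NOTE(review): raw request value; it must be HTML-escaped wherever the page prints it.
    $userName = $_GET['name'];
    $found = array();
    // NOTE(review): the credential sent to the backend is an unsalted md5() of the
    // shared WebUI password, so anyone who can observe this request can replay it.
    // Confirm the transport used by do_post_request() is protected.
    $found[0] = json_encode(array('Method' => 'GetProfile', 'WebPassword' => md5(WEBUI_PASSWORD), 'Name' => cleanQuery($_GET['name'])));
    $do_post_requested = do_post_request($found);
    $recieved = json_decode($do_post_requested);

    // The backend reply is not trusted to be well formed: a missing section or field
    // yields null instead of a property access on a non-object.
    $profile = (is_object($recieved) && isset($recieved->{'profile'}) && is_object($recieved->{'profile'})) ? $recieved->{'profile'} : null;
    $account = (is_object($recieved) && isset($recieved->{'account'}) && is_object($recieved->{'account'})) ? $recieved->{'account'} : null;

    $profileTXT = isset($profile->{'AboutText'}) ? $profile->{'AboutText'} : null;
    $profileImage = isset($profile->{'Image'}) ? $profile->{'Image'} : null;
    $created = isset($account->{'Created'}) ? $account->{'Created'} : null;
    $UUID = isset($account->{'PrincipalID'}) ? $account->{'PrincipalID'} : null;
    $diff = isset($account->{'TimeSinceCreated'}) ? $account->{'TimeSinceCreated'} : null;
    $type = isset($account->{'AccountInfo'}) ? $account->{'AccountInfo'} : null;
    $partner = isset($account->{'Partner'}) ? $account->{'Partner'} : null;
    // Only format a creation date when the backend supplied a numeric timestamp.
    $date = is_numeric($created) ? date("D d M Y - g:i A", (int) $created) : '';
}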
$DbLink->query("SELECT id,\n                         displayTopPanelSlider, \n                         displayTemplateSelector,\n                         displayStyleSwitcher,\n                         displayStyleSizer,\n                         displayFontSizer,\n                         displayLanguageSelector,\n                         displayScrollingText,\n                         displayWelcomeMessage,\n                         displayLogo,\n                         displayLogoEffect,\n                         displaySlideShow,\n                         displayMegaMenu,\n                         displayDate,\n                         displayTime,\n                         displayRoundedCorner,\n                         displayBackgroundColorAnimation,\n                         displayPageLoadTime,\n                         displayW3c,\n                         displayRss FROM " . C_ADMINMODULES_TBL . " ");
list($id, $displayTopPanelSlider, $displayTemplateSelector, $displayStyleSwitcher, $displayStyleSizer, $displayFontSizer, $displayLanguageSelector, $displayScrollingText, $displayWelcomeMessage, $displayLogo, $displayLogoEffect, $displaySlideShow, $displayMegaMenu, $displayDate, $displayTime, $displayRoundedCorner, $displayBackgroundColorAnimation, $displayPageLoadTime, $displayW3c, $displayRss) = $DbLink->next_record();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
Exemplo n.º 6
<?php

include "includes/app_top.php";
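// Reset the contact-status columns of one row. Both the table name and the row id
// come from the POST body.
$t = cleanQuery($_POST['t']);
$getid = cleanQuery($_POST['id']);
// Escaping does not protect an identifier or an unquoted number, so both are
// validated by shape before they are placed in the statement.
// NOTE(review): a well-formed name still lets the client choose any table that has
// these columns; replace the pattern check with a fixed list of the tables this
// endpoint is meant to reset. No login check is visible in this file; confirm
// includes/app_top.php enforces one.
$tableOk = preg_match('/^[A-Za-z0-9_]+\z/', (string) $t) === 1;
$idOk = preg_match('/^\d+\z/', (string) $getid) === 1;
if ($t != "" && $getid != "" && $tableOk && $idOk) {
    $query = "update `" . $t . "` set userid=0,contactdate='',iscalled=0, vote=0, comments='' where id=" . (int) $getid;
    // Report success only when the statement actually ran.
    if (mysqli_query($mysqli, $query)) {
        $msg = '<div class="success">Removed User from Contact Status Successfully</div>';
    }
}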
Exemplo n.º 7
<?php

include "includes/app_top.php";
checkUserLogin();
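// Store a feedback message from the logged-in user and mail it to the administrator.
if ($action == "send") {
    $message = cleanQuery($_POST['message']);
    // The session name and e-mail were concatenated into quoted SQL with no escaping
    // in this block; they are escaped for the connection here.
    // NOTE(review): if these session values are already stored escaped, drop this
    // step, or better, switch the statement to bound parameters.
    $sessionUser = mysqli_real_escape_string($mysqli, (string) $_SESSION['user']);
    $sessionEmail = mysqli_real_escape_string($mysqli, (string) $_SESSION['useremail']);
    // NOTE(review): $stateid is inserted unquoted and is defined outside this file;
    // confirm it is always an integer.
    $query = "insert into feedback (description,name,email,stateid,datesent) VALUES ('{$message}','" . $sessionUser . "','" . $sessionEmail . "',{$stateid},'{$date}')";
    $a = mysqli_query($mysqli, $query);
    require 'includes/mailer.php';
    $esubject = "AAP Call Campaign - Feedback";
    // NOTE(review): the page shows part of this argument masked as ******; it is
    // restored here as the session user name, which the surviving `"user"]` fragment
    // implies. Confirm against the upstream file. The body is HTML and carries the
    // user's message verbatim; confirm cleanQuery() neutralises markup.
    sendmail($_SESSION['useremail'], $_SESSION["user"], $adminemail, $esubject, "User: " . $_SESSION["user"] . "<br />Email: " . $_SESSION['useremail'] . "<br />Campaign: " . $_SESSION['campaign'] . "<br /><br />" . $message);
    if ($a) {
        tep_redirect("feedback.php?action1=success");
    } else {
        tep_redirect("feedback.php?action1=err");
    }
}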
include "includes/styles.php";
?>
<script type="text/javascript" src="../js/ajax.js"></script>
<script src="../js/jquery.validate.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
$("#volunteer").validate({
              rules: {
						message:"required",
			 }
});});
</script>
</head>
<body class="bgwhite">
Exemplo n.º 8
<?php

include 'configure.php';
include 'functions.php';
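// Set the iscalled flag of one contact row from ?id=...&iscalled=...
$id = cleanQuery($_GET['id']);
$iscalled = cleanQuery($_GET['iscalled']);
// Both values are placed in the statement unquoted, where string escaping gives no
// protection, so they must be plain non-negative integers.
// NOTE(review): this is a state change triggered by GET, with no login or CSRF check
// visible in this file; confirm configure.php / functions.php enforce one.
$idOk = preg_match('/^\d+\z/', (string) $id) === 1;
$flagOk = preg_match('/^\d+\z/', (string) $iscalled) === 1;
if ($idOk && $flagOk) {
    $query = "update contacts set iscalled=" . (int) $iscalled . "  where id=" . (int) $id;
    mysqli_query($mysqli, $query);
    $msg = '<div class="success">Updated Call Status</div>';
} else {
    $msg = '<div class="error">Invalid request</div>';
}
print $msg;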
Exemplo n.º 9
list($UUID, $EMAIL) = $DbLink->next_record();
}

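// Complete an e-mail change: push the new address to the backend and, once the
// backend confirms it, retire the confirmation code.
if ($UUID)
{
	$found = array();
	// NOTE(review): the backend credential is an unsalted md5() of the shared WebUI
	// password; confirm the channel used by do_post_request() is protected.
	$found[0] = json_encode(array('Method' => 'SaveEmail', 'WebPassword' => md5(WEBUI_PASSWORD)
		, 'UUID' => cleanQuery($UUID)
		, 'Email' => cleanQuery($EMAIL)));
	$do_post_requested = do_post_request($found);
	$recieved = json_decode($do_post_requested);

	// A malformed or empty reply decodes to a non-object and is treated as "not verified".
	if (is_object($recieved) && isset($recieved->{'Verified'}) && $recieved->{'Verified'} == 1)
	{
		$WERROR = "Thank you, your email address was changed";
		// The key was written as the bare word `code`, which PHP 8 treats as an
		// undefined constant; it is now a quoted string key.
		$confirmCode = isset($_GET['code']) ? $_GET['code'] : '';
		$DbLink->query("DELETE FROM ".C_CODES_TBL." WHERE code='".cleanQuery($confirmCode)."' and info='emailconfirm'");
	}
}
else
{
	$WERROR = "This isnt a valid code or maybe the code was older than 24h";
}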
?>

<style type="text/css">
<!--
.Stil1 {
	font-size: 18px;
	font-weight: bold;
}
-->
Exemplo n.º 10
    mysql_close($connection);
    $actualizo = 1;
}
///////////////////////////////////////
if ($_POST['editres'] == 0 and $_POST["boton"] == "Submit") {
    $client = $_POST["client"];
    $barrival = $_POST["arrival"];
    $arrival = date("Y-m-d", strtotime($barrival));
    $bdeparture = $_POST["departure"];
    $departure = date("Y-m-d", strtotime($bdeparture));
    $villa = $villaid;
    $owner = $owneridses;
    $estatus = $_POST["estatus"];
    $dateres = date("Y-m-d");
    $staffcomments = cleanQuery($_POST["comments"]);
    $suppliersnote = cleanQuery($_POST["notes"]);
    $emailcontact = $_POST["email"];
    $agencia = $_POST["agencia"];
    if ($_POST["payment1"] != "") {
        $bpago1 = $_POST["payment1"];
        $vpago1 = date("Y-m-d", strtotime($bpago1));
    }
    if ($_POST["payment2"] != "") {
        $bpago2 = $_POST["payment2"];
        $vpago2 = date("Y-m-d", strtotime($bpago2));
    }
    if (is_numeric($_POST["rooms"])) {
        $vrooms = $_POST["rooms"];
    } else {
        $vrooms = "NULL";
    }
Exemplo n.º 11
<?php

include "includes/app_top.php";
$pcat = "Contacts";
$pagetitle = "Categories";
$getid = getid('id');
checkAdminLogin();
checkState();
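// Create or update a category. The six flag columns and the row id are written into
// the SQL unquoted, where string escaping gives no protection, so each is forced to
// an integer first.
// NOTE(review): the quoted text fields still rely on cleanQuery() (not shown); bound
// parameters would remove that dependency.
if ($action == "addcategory") {
    $flags = array();
    foreach (array('volunteer', 'booth', 'buzz', 'call', 'jansabha', 'donate') as $flagName) {
        $flags[$flagName] = isset($_POST[$flagName]) ? (int) cleanQuery($_POST[$flagName]) : 0;
    }
    // implode() keeps insertion order, which matches the column list.
    $query = "insert into categories (catname,state_id,datemodified,volunteer,booth,buzz,`call`,jansabha,donate) VALUE ('" . cleanQuery($_POST['categoryname']) . "','" . cleanQuery($_POST['stateid']) . "','{$date}'," . implode(',', $flags) . ")";
    mysqli_query($mysqli, $query);
    tep_redirect(tep_href_link($pagename, 'action1=add&action=add'));
}
if ($action == "change") {
    $flags = array();
    foreach (array('volunteer', 'booth', 'buzz', 'call', 'jansabha', 'donate') as $flagName) {
        // The edit form posts the same fields with a "2" suffix.
        $field = $flagName . '2';
        $flags[$flagName] = isset($_POST[$field]) ? (int) cleanQuery($_POST[$field]) : 0;
    }
    $query = "update categories set catname='" . cleanQuery($_POST['categoryname2']) . "',state_id='" . cleanQuery($_POST['stateid2']) . "',datemodified='" . $date . "',volunteer=" . $flags['volunteer'] . ",booth=" . $flags['booth'] . ",buzz=" . $flags['buzz'] . ",`call`=" . $flags['call'] . ",jansabha=" . $flags['jansabha'] . ",donate=" . $flags['donate'] . " where id=" . (int) $getid;
    mysqli_query($mysqli, $query);
    tep_redirect(tep_href_link($pagename, 'action1=update'));
}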
include "includes/styles.php";
?>
</head>
<body>
<?php 
include "includes/header.php";
include "includes/side-bar.php";
?>
<div class="pageHeadingBlock ">
        	<div class="grayBackground">
        	<div class="fR t-r spcT_b">            	
                <a onClick="displayadd();"  class="btn btn-primary coursesMenu">Add Category</a>
            </div>
Exemplo n.º 12
<?php

include "includes/app_top.php";
$pagetitle2 = "Edit Profile";
checkUserLogin();
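// Update the logged-in user's own profile row.
if ($action == "edit") {
    $category = cleanQuery($_POST['category']);
    // catid and the row id are written unquoted, where string escaping gives no
    // protection: the category must be a plain integer and the session id is cast.
    if (preg_match('/^\d+\z/', (string) $category) !== 1) {
        tep_redirect(tep_href_link($pagename, 'action1=err'));
    } else {
        // NOTE(review): the quoted fields rely on cleanQuery() (not shown); bound
        // parameters would remove that dependency.
        $query = "update users set name='" . cleanQuery($_POST['name']) . "', gender='" . cleanQuery($_POST['gender']) . "', state='" . cleanQuery($_POST['state']) . "', phone='" . cleanQuery($_POST['phone']) . "',city='" . cleanQuery($_POST['city']) . "',country='" . cleanQuery($_POST['country']) . "',countrycode='" . cleanQuery($_POST['countrycode']) . "', catid=" . (int) $category . " where id=" . (int) $_SESSION['userid'];
        $a = mysqli_query($mysqli, $query);
        if ($a) {
            // Kept as a string, as before, so later comparisons see the same type.
            $_SESSION['usercatid'] = (string) (int) $category;
            $_SESSION['getcontact'] = '';
            tep_redirect(tep_href_link($pagename, 'action1=success'));
        } else {
            tep_redirect(tep_href_link($pagename, 'action1=err'));
        }
    }
}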
include "includes/styles.php";
include "../includes/colorbox.php";
?>
<script src="../js/jquery.validate.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
                  checkstudent();
                  $("#signup").validate({
                                        rules: {
                                        name:"required",
                                        gender: "required",
                                        phone: "required",
                                        }
                                        });
                  });
Exemplo n.º 13
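/**
 * Return the users-table row for one username.
 *
 * @param string $user Username to look up; passed through cleanQuery() first.
 * @return array|null Associative row, or null when no row matches or the query fails.
 */
function user_details($user) {
	$user = cleanQuery($user);
	// NOTE(review): the page shows the WHERE value masked as ******. It is restored
	// here as the cleaned $user argument, which was otherwise never used; confirm
	// against the upstream file. Safety of the concatenation rests on cleanQuery().
	$sql = "SELECT * FROM users 
	WHERE username='" . $user . "'";
	$result = mysql_query($sql);
	if (!$result) {
		// Database error text goes to the server log rather than into the page, and
		// the failed result is no longer handed to mysql_fetch_assoc().
		error_log('user_details: query failed: ' . mysql_error());
		return;
	}
	$row = mysql_fetch_assoc($result);
	if (is_array($row)) {
		return $row;
	}
	return;
}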
Exemplo n.º 14
    $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($_POST["ColorHoverStep8"]) . "' WHERE Steps = 'HoverStep8'");
}
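// Each animation step has its own submit button (posted under the step name with the
// shared "modify" label as value) and a matching Color<Step> field. The POST keys
// were written as bare words, which PHP 8 treats as undefined constants; they are
// now string keys and are driven from one list.
foreach (array('EndStep8', 'HoverStep9', 'EndStep9', 'HoverStep10', 'EndStep10') as $stepName) {
    if (isset($_POST[$stepName]) && $_POST[$stepName] == "{$webui_admin_options_modify}") {
        $colorField = "Color" . $stepName;
        $colorValue = isset($_POST[$colorField]) ? $_POST[$colorField] : '';
        // NOTE(review): the colour is stored after cleanQuery() only; if it is later
        // written into CSS or HTML it should also be checked against the expected
        // colour format.
        $DbLink->query("UPDATE " . C_ADMINBGCOLORANIM_TBL . " SET Colors = '" . cleanQuery($colorValue) . "' WHERE Steps = '" . $stepName . "'");
    }
}
// For Color
// Reads the first row only; list() relies on the column order of the SELECT.
$DbLink->query("SELECT id, Options , Steps, Colors, Display FROM " . C_ADMINBGCOLORANIM_TBL . " ");
list($id, $Options, $Steps, $Colors, $displayBackgroundColorAnimation) = $DbLink->next_record();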
?>

<div id="content">
  <div id="ContentHeaderLeft"><h5><?php 
echo SYSNAME;
?>
</h5></div>
  <div id="ContentHeaderCenter"></div>
  <div id="ContentHeaderRight"><h5><? echo $webui_admin_options; ?></h5></div>
  <div id="adminsettings">
  <div id="info"><p><? echo $webui_admin_options_info; ?> $displayBackgroundColorAnimation </p></div>
Exemplo n.º 15
         $response['arrayContent'][$i] = json_encode($response['arrayContent'][$i]);
     }
     $response['content']['mgs'] = encode_tojson($type . '_updated');
     $response['content']['hasArray'] = encode_tojson($i);
 }
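 // Store an uploaded profile picture and record its name on the user row.
 if (isset($_POST['action']) && $_POST['action'] == 'upload_perfil') {
     // NOTE(review): the target user id comes straight from the request; confirm the
     // caller is authenticated as that user before the row is updated.
     $userId = isset($_POST['usuarios_id']) ? $_POST['usuarios_id'] : null;
     // The client-supplied picture name is passed to upload_image(), presumably as the
     // stored file name (TODO confirm). Directory components are stripped so the
     // upload cannot be steered outside the upload directory.
     $requestedName = isset($_POST['usuario_foto']) ? (string) $_POST['usuario_foto'] : '';
     $requestedName = basename(str_replace('\\', '/', $requestedName));
     //upload the dog's picture
     $image_name = upload_image('fileUpload', str_replace('.png', '', $requestedName));
     db_update('usuarios', array('foto' => $image_name), array('id' => $userId));
     $response['content']['mgs'] = 'imagen cargada correctamente';
 }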
 if (@$_POST['action'] == 'get_updates') {
     $_POST['serverupdate'];
     $_POST['table'];
     $type = cleanQuery($_POST['table']);
     $where = array('serverupdate > ' => $_POST['serverupdate']);
     /*if($type == 'respuestas_usuarios' || $type == 'notificaciones' || $type == 'videos_usuarios_empresas'){
           $where['usuarios_id'] = $_POST['usuarios_id'];
       }*/
     $empresasData2 = array();
     $empresasData = get($type, '*', $where);
     $i = 0;
     if (!empty($empresasData)) {
         foreach ($empresasData as $dada) {
             $i++;
             $empresasData2[$i] = array();
             //p($dada);
             foreach ($dada as $dada2_key => $dada2_val) {
                 //$empresasData2[$i][$dada2_key] = mb_convert_encoding($dada2_val, "UTF-8", "HTML-ENTITIES");
                 //p($dada2);
Exemplo n.º 16

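/*LANGUAGE SELECTION*/
/* Accept ?lg=... only when it is exactly one of the configured languages; the strict
   comparison stops non-string input from matching through type juggling. */
$requestedLg = isset($_GET["lg"]) ? $_GET["lg"] : null;
if (is_string($requestedLg) && in_array($requestedLg, $languages, true)) {
	$lg = $requestedLg;
	$smarty->assign('lg_url', '/'.$lg.'');		/*Template language prefix, e.g. www.example.com/lg*/
} else {
	$lg = $languages[0];						/*Fall back to the first configured language*/
	$smarty->assign('lg_url', '');
}
/* NOTE(review): REQUEST_URI is client-controlled; confirm the template escapes current_url. */
$smarty->assign('current_url',$_SERVER['REQUEST_URI']);
$smarty->assign('lg', $lg);

/*LOGIN SYSTEM*/
if (isset($_POST['login_user']) && isset($_POST['login_pass'])) {
	/* NOTE(review): the password goes through cleanQuery() before login(); if that
	   helper rewrites characters, it changes the credential being checked. */
	$logged = login(cleanQuery($_POST['login_user']),cleanQuery($_POST['login_pass']));
	if ($logged==1) $_SESSION['logged']=1;
	/* NOTE(review): the session id is not regenerated here. verifica_login() may
	   compare the id recorded by login(), so check both before adding that. */
	$smarty->assign('login_try', 1);			/*Lets the template know a login was attempted*/
}

/*Re-validate an existing session on every request; log off automatically when it no longer verifies*/
if (isset($_SESSION['logged']) && $_SESSION['logged']==1) {
	$user = verifica_login();
	if ($user) $current_user = $user;
	else $_SESSION['logged']=0;
}

/* $current_user / $is_admin may never have been set on this request; they are read
   through isset()/empty() and reach the template as null in that case. */
if (!empty($current_user)) $is_admin = is_admin($current_user);

$smarty->assign('current_user', isset($current_user) ? $current_user : null);
$smarty->assign('is_admin', isset($is_admin) ? $is_admin : null);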
Exemplo n.º 17
        $tpl->assign('isResult', true);
        foreach ($query as $key => $value) {
            if (isset($value['photo'])) {
                $query[$key]['photo'] = '<img src="' . CM_URL . '/cm_api/images.php?id=' . $value['id'] . '&thumbnail=1" />';
            }
            $query[$key]['action'] = '<a href="' . CM_URL . '/cm_admin/edit.php?id=' . $value['id'] . '" target="_blank">Edit</a><br /><a href="' . CM_URL . '/cm_admin/profile.php?id=' . $value['id'] . '" target="_blank">Print</a><br /><a href="" id="' . $value['id'] . '" class="delProfile">Delete</a>';
            if (isset($query[$key]['attachment']) && strlen($query[$key]['attachment']) > 0) {
                $query[$key]['action'] .= '<br /><a href="' . CM_URL . '/cm_api/attachments.php?id=' . $value['id'] . '" target="_blank">Attach</a>';
            }
        }
        //datagrid, generating results table
        $grid = new SpoonDataGridSourceArray($query);
        $datagrid = new SpoonDatagrid($grid);
        $datagrid->setColumnsHidden('id', 'attachment');
        $datagrid->setCompileDirectory(COMPILE_PATH);
        $url = $_SERVER['QUERY_STRING'] ? cleanQuery($_SERVER['QUERY_STRING']) . 'offset=[offset]&order=[order]&sort=[sort]' : '?offset=[offset]&order=[order]&sort=[sort]';
        $datagrid->setURL($url);
        $datagrid->setSortingColumns(array('file', 'name', 'ic', 'id'), 'id');
        $datagrid->setPagingLimit(PAGING_LIMIT);
        $datagrid->setHeaderLabels(array('file' => '档案 File', 'case' => '案情 Case', 'photo' => '照片 Photo', 'name' => '姓名 Name', 'ic' => '身份证 IC', 'action' => '操作'));
        $tpl->assign('results', $datagrid->getContent());
    } else {
        $tpl->assign('tooltip', 'No Relevant Results.');
        $frm->parse($tpl);
    }
} else {
    $frm->parse($tpl);
}
$tpl->display(tpl_path('admin_search.tpl.php'));
function cleanQuery($query)
{
Exemplo n.º 18
<?php

include "includes/app_top.php";
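// Store a feedback message from the form and mail it to the administrator.
// NOTE(review): no login check is visible in this file, so name and e-mail are
// whatever the client sends.
if ($action == "send") {
    $message = cleanQuery($_POST['message']);
    $email = cleanQuery($_POST['email']);
    $username = cleanQuery($_POST['username']);
    // NOTE(review): the statement is built by concatenation and relies on cleanQuery()
    // (not shown); $stateid is inserted unquoted and is defined outside this file.
    $query = "insert into feedback (description,name,email,stateid,datesent) VALUES ('{$message}','{$username}','{$email}',{$stateid},'{$date}')";
    $a = mysqli_query($mysqli, $query);
    require 'includes/mailer.php';
    $esubject = "AAP Call Campaign - Feedback";
    // The sender address and name come from the form. Line breaks are removed so they
    // cannot add extra headers if sendmail() places them in the message headers.
    $mailFrom = str_replace(array("\r", "\n"), '', (string) $email);
    $mailName = str_replace(array("\r", "\n"), '', (string) $username);
    // NOTE(review): the page shows part of this argument masked as ******; it is
    // restored here as $username, matching the "User:" label. Confirm against the
    // upstream file.
    sendmail($mailFrom, $mailName, $adminemail, $esubject, "User: " . $username . "<br/>Email: " . $email . "<br />Campaign: " . $_SESSION['campaign'] . "<br/><br/>" . $message);
    if ($a) {
        tep_redirect("feedback2.php?action1=success");
    } else {
        tep_redirect("feedback2.php?action1=err");
    }
}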
include "includes/styles.php";
?>
<script type="text/javascript" src="../js/ajax.js"></script>
<script src="../js/jquery.validate.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
$("#volunteer").validate({
              rules: {
						message:"required",
						email: "email required", 
			 }
});});
Exemplo n.º 19
$name = $recieved->{'account'}->{'Name'};
$diff = $recieved->{'account'}->{'TimeSinceCreated'};
$type = $recieved->{'account'}->{'AccountInfo'};
$email = $recieved->{'account'}->{'Email'};
$partner = $recieved->{'account'}->{'Partner'};
$rlname = $recieved->{'agent'}->{'RLName'};
$street = $recieved->{'agent'}->{'RLAddress'};
$zip = $recieved->{'agent'}->{'RLZip'};
$city = $recieved->{'agent'}->{'RLCity'};
$country = $recieved->{'agent'}->{'RLCountry'};
$date = date("D d M Y - g:i A", $created);

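// Load the account row selected by ?userid=... The key was written as the bare word
// `userid`, which PHP 8 treats as an undefined constant; it is now a string key.
// NOTE(review): both lookups rely on cleanQuery() (not shown) to make the value safe
// inside the quoted literal.
$requestedUserId = isset($_GET['userid']) ? $_GET['userid'] : '';

$DbLink->query("SELECT PrincipalID,Name FROM ".C_USERS_TBL." WHERE PrincipalID='".cleanQuery($requestedUserId)."'");
list($uuid,$accName) = $DbLink->next_record();

$DbLink->query("SELECT UserLevel FROM ".C_USERS_TBL." a where PrincipalID='".cleanQuery($requestedUserId)."'");
list($active) = $DbLink->next_record();

// UserLevel -1 is shown as inactive ("0"); every other level counts as active ("1").
if ($active == "-1")
	$active = "0";
else
	$active = "1";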

?>



<div id="content">
  <div id="ContentHeaderLeft"><h5><?php 
echo SYSNAME;
?>
Exemplo n.º 20
  
    if (theForm.email2.value != theForm.email.value)
    {
        alert("E-mail confirmation does not match with e-mail address.");
        theForm.email2.focus();
        return (false);
    }
    return (true);
}
//-->
</script>

<?php 
if ($_POST[name] != '') {
    $found = array();
    $found[0] = json_encode(array('Method' => 'ConfirmUserEmailName', 'WebPassword' => md5(WEBUI_PASSWORD), 'Name' => cleanQuery($_POST[name]), 'Email' => cleanQuery($_POST[email])));
    $do_post_requested = do_post_request($found);
    $recieved = json_decode($do_post_requested);
    if ($recieved->{'Verified'} == "true") {
        // CODE generator
        function code_gen($cod = "")
        {
            // ######## CODE LENGTH ########
            $cod_l = 10;
            // ######## CODE LENGTH ########
            $zeichen = "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,0,1,2,3,4,5,6,7,8,9";
            $array_b = explode(",", $zeichen);
            for ($i = 0; $i < $cod_l; $i++) {
                srand((double) microtime() * 1000000);
                $z = rand(0, 35);
                $cod .= "" . $array_b[$z] . "";
Exemplo n.º 21
/**
 * Dry-runs an UPDATE statement against a scratch copy of its target table.
 *
 * For MySQL the table's DDL is cloned under a `__uw_temp` suffix, up to ten rows are
 * copied in, and the UPDATE is rewritten to hit the copy. Other database types are
 * not tested.
 *
 * NOTE(review): $table is interpolated into the DDL and INSERT text unescaped;
 * callers must pass a trusted table name.
 *
 * @param string $table  The table name to get DDL
 * @param string $dbType MySQL, MSSQL, etc.
 * @param string $query  The query to test.
 * @return string Non-empty if error found
 */
function testQueryUpdate($table, $dbType, $query)
{
    logThis('verifying UPDATE TABLE statement...');
    global $db;
    if (empty($db)) {
        $db =& DBManagerFactory::getInstance();
    }
    $error = '';
    if ($dbType == 'mysql') {
        // fetch the live table's DDL
        $ddlResult = $db->query("SHOW CREATE TABLE {$table}");
        $ddlRow = $db->fetchByAssoc($ddlResult);
        // clone the structure under the scratch name
        $ddl = cleanQuery($ddlRow['Create Table']);
        $scratchDdl = str_replace("CREATE TABLE `{$table}`", "CREATE TABLE `{$table}__uw_temp`", $ddl);
        $db->query($scratchDdl);
        // seed the copy with sample rows so data/constraint conflicts can surface
        logThis('inserting temp dataset...');
        $seedSql = "INSERT INTO `{$table}__uw_temp` SELECT * FROM `{$table}` LIMIT 10";
        $db->query($seedSql, false, "Preflight Failed for: {$query}");
        // point the statement under test at the copy
        logThis('testing query: [' . $query . ']');
        $tempTableTestQuery = str_replace("UPDATE `{$table}`", "UPDATE `{$table}__uw_temp`", $query);
        // refuse to continue if the rewrite did not take and the live table would be hit
        if (isRunningAgainstTrueTable($tempTableTestQuery)) {
            return getFormattedError('Could not use a temp table to test query!', $tempTableTestQuery);
        }
        $db->query($tempTableTestQuery, false, "Preflight Failed for: {$query}");
        // empty string means the statement ran cleanly
        $error = mysql_error();
        if (!empty($error)) {
            logThis('*** ERROR: query failed.');
            $error = getFormattedError($error, $query);
        }
    } elseif ($dbType == 'mssql') {
        // no preflight test for MSSQL
    } elseif ($dbType == 'oci8') {
        logThis('Oracle found: skipping test query - [' . $query . ']');
    }
    logThis('verification done.');
    return $error;
}
Exemplo n.º 22
<div id="info3"><h3><? echo $webui_help_title_comment03; ?></h3>
  <p><? echo $webui_help_comment03; ?></p>
</div>


<p>
<?
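  // List the active child pages of the page selected by ?btn=... as plain links.
  $DbLink2 = new DB;
  $DbLink = new DB;

  // NOTE(review): USERID / ADMINID are left exactly as written. If they are not
  // defined constants they need quoting like the `btn` key below.
  if ($_SESSION[USERID])
	$Display = 1;
  else
	$Display = 0;

  if ($_SESSION[ADMINID])
	$AdminDisplay = " or (display='3')";
  else
	$AdminDisplay = "";

  // The key was written as the bare word `btn`, which PHP 8 treats as an undefined
  // constant; it is now a string key. The value still relies on cleanQuery() (not
  // shown) for safety inside the quoted literal.
  $parentId = isset($_GET['btn']) ? $_GET['btn'] : '';
  $DbLink2->query("SELECT id,url,target FROM " . C_PAGE_TBL . " Where parent = '".cleanQuery($parentId)."' and active='1' and ((display='$Display') or (display='2') " . $AdminDisplay . ") ORDER BY rank ASC ");
  $a = get_defined_vars();

  while (list($siteid, $siteurl, $sitetarget) = $DbLink2->next_record())
  {
	  // The URL is attribute-escaped on output; double_encode=false keeps entities
	  // that are already stored encoded.
	  $href = htmlspecialchars($siteurl . '&btn=' . urlencode((string) $siteid), ENT_QUOTES, 'UTF-8', false);
	  // NOTE(review): the label is looked up in get_defined_vars() and printed as-is,
	  // as before; confirm no request-controlled variable can end up under a page id.
	  $label = isset($a[$siteid]) ? $a[$siteid] : '';
	  echo "<a href=\"" . $href . "\"><span>" . $label . "</span></a><br/>";
  }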
?>
</p></div></div>
Exemplo n.º 23
<?php

include "includes/app_top.php";
$pagetitle2 = "Forgot Password";
$campaign = $_SESSION['campaign'];
if ($action == "send") {
    $mailto = cleanQuery($_POST["email"]);
    $sql = "select * from users where email='" . $mailto . "'";
    $res = mysqli_query($mysqli, $sql);
    $row = mysqli_fetch_assoc($res);
    if ($mailto == $row['email']) {
        $verifycode = create_randomid(10);
        $query = "update users set confirmation='" . $verifycode . "'  where id=" . $row['id'];
        @mysqli_query($mysqli, $query);
        $sql2 = "select * from email_templates where id=2";
        $res2 = mysqli_query($mysqli, $sql2);
        $row2 = mysqli_fetch_assoc($res2);
        $esubject = $row2['subject'];
        $esubject = str_replace("[NAME]", $row['name'], $esubject);
        $esubject = str_replace("[SITENAME]", $sitename, $esubject);
        $emailtext = $row2['description'];
        $emailtext = str_replace("[NAME]", $row['name'], $emailtext);
        $emailtext = str_replace("[EMAIL]", $row['email'], $emailtext);
        $emailtext = str_replace("[VERIFYCODE]", $verifycode . "&campaign=" . $campaign, $emailtext);
        $emailtext = str_replace("[SITEURL]", 'http://emc3.aamaadmiparty.org/delhi/', $emailtext);
        $emailtext = str_replace("[SITENAME]", $sitename, $emailtext);
        $emailtext = str_replace("[ADMINEMAIL]", $adminemail, $emailtext);
        require 'includes/mailer.php';
        sendmail('', '', $mailto, $esubject, $emailtext);
        tep_redirect(tep_href_link($pagename, 'action1=success'));
        //else
Exemplo n.º 24
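/**
 * Look up a "temporary" user: a row in `usuarios` with the given e-mail whose
 * `password` and `fbid` columns are both NULL.
 *
 * @param string $email E-mail address to look up.
 * @return array|false Associative row holding `id` for the first match, or
 *                     false when nothing matches or the query fails.
 */
function get_temporary_user($email = '')
{
    // NOTE(review): cleanQuery() (defined elsewhere) is the only barrier
    // between $email and the SQL text; confirm it escapes for the connection
    // charset. ext/mysql offers no bound parameters and was removed in PHP 7,
    // so moving this lookup to a mysqli/PDO prepared statement is the durable fix.
    $query = "select id from usuarios where email = '" . cleanQuery($email) . "' and password is null and fbid is null  ";
    $result = mysql_query($query);
    if ($result === false) {
        // Query failed: report "no such user" instead of passing false on to
        // mysql_fetch_array().
        return false;
    }
    // Only the first matching row was ever returned, so fetch just that one.
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    if (empty($row)) {
        return false;
    }
    return $row;
}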
Exemplo n.º 25
<?php

include 'configure.php';
include 'functions.php';
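// Membership check driven entirely by query-string parameters; prints
// "VEP Member" when ismember1() returns a non-empty member number.
// NOTE(review): nothing in this script authenticates or rate-limits the caller,
// so the response tells anyone whether a name/e-mail combination belongs to a
// member. Confirm a control exists in configure.php or in front of this script.
// Missing parameters are treated as empty strings instead of raising notices.
$name = cleanQuery(isset($_GET['name']) ? $_GET['name'] : '');
$lastname = cleanQuery(isset($_GET['lastname']) ? $_GET['lastname'] : '');
$email = cleanQuery(isset($_GET['email']) ? $_GET['email'] : '');
// Pass the cleaned first name read above. $firstname is not assigned anywhere
// in this script, so using it would drop the first name from the lookup (or,
// with register_globals, feed an uncleaned request value to ismember1()).
$membernumber = ismember1($name, $lastname, $email);
if ($membernumber != '') {
    echo "VEP Member";
} else {
    echo "";
}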
Exemplo n.º 26
<?php

include "includes/app_top.php";
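// Admin page for one enquiry: resolve the id, enforce the admin session, then
// handle the "update" action that stores the admin's comment.
$getid = getid('id');
checkAdminLogin();
checkState();
// NOTE(review): this is a state-changing POST; no request token is checked in
// these lines. Confirm checkAdminLogin()/checkState() or app_top.php verify one.
if ($action == "update") {
    // NOTE(review): cleanQuery() is defined elsewhere; the quoted value below is
    // only as safe as that helper. A prepared statement would not depend on it.
    $comments = cleanQuery($_POST['comments']);
    // The id sits in the statement unquoted, so quote-escaping could never
    // protect it: force it to an integer wherever it is concatenated.
    $query = "update enquiries set admincomments='" . $comments . "' where id=" . (int) $getid;
    mysqli_query($mysqli, $query);
    tep_redirect(tep_href_link($pagename, 'action1=success&id=' . (int) $getid));
}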
include "includes/styles.php";
?>
 
</head>
<body>
<?php 
include "includes/header.php";
?>
<h1>Enquiry Details</h1>
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="text9">

                  <tr> 
                    <td align="right" height="30" style="font-weight:bold"><a href="enquiries.php">Back to Enquiries</a>&nbsp; | &nbsp;&nbsp;<a href="send-mail.php?eid=<?php 
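// The id is written into a query-string value inside an href attribute.
// rawurlencode() leaves digits untouched and percent-encodes everything that
// could close the attribute or add parameters, should the id ever be non-numeric.
echo rawurlencode((string) $getid);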
?>
">Reply Mail</a></td> 
      </tr> 
                                  <tr>
Exemplo n.º 27
    
<meta name="viewport" content="initial-scale=1.0, user-scalable=no">
<meta charset="utf-8">

</head>
<body>
<?php 
include "includes/header.php";
?>
<div class="division-1">
<h1>LEADERBOARDS</h1>
<b style="color:red;">TO SEE FULL CALL CAMPAIGN STATISTICS (EMC3 + TOLLFREE), PLEASE GOTO: </b><b><a href="../reports/" target="_blank">http://myaap.in/callreport</a></b></br></br>

<?php 
// Only a submitted filter (action "show") carries a keyword; otherwise the
// filter starts out empty.
// NOTE(review): cleanQuery() is defined elsewhere and is presumably SQL-oriented
// cleaning. That is not HTML encoding, so any place that prints $keyword into
// the page needs its own escaping.
$keyword = ($action == "show") ? cleanQuery($_POST['keyword']) : '';
?>
<form name="search" method="post" action="dashboard.php?action=show" onSubmit="return validatefilter(this)" class="coursesMenu">
    <div class="row-fluid"> Filter By Name or Location:
        <input type="text" name="keyword" id="keyword" class="input span12" style="width:200px"  value="<?php 
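// The posted keyword is reflected into a double-quoted value attribute, so it
// must be HTML-encoded at this point. cleanQuery() upstream is presumably SQL
// cleaning (its definition is not shown), which does not neutralise quotes or
// angle brackets for HTML.
echo htmlspecialchars((string) $keyword, ENT_QUOTES, 'UTF-8');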
?>
" placeholder="Keyword" />
        <button class="leftformbt" style="font-size:13px; padding:4px 10px;">Search</button>
        <button class="leftformbt" style="font-size:13px; padding:4px 10px;"><a style="color:white;" href="dashboard.php">Clear</a></button>
    </div>
</form>
<?php 
Exemplo n.º 28
// For every UUID in the current $DbLink result set, resolve the user's current
// region and increment $NOWONLINE when that region has a name on record.
// Each iteration issues three separate lookups (user info, user name, region).
// NOTE(review): $UUID and $RegionUUID come out of earlier result sets and are
// still passed through cleanQuery() before concatenation. Treating stored
// values as untrusted is the right instinct; bound parameters would make it
// independent of cleanQuery(), whose definition is not shown here.
while(list($UUID) = $DbLink->next_record())
{
  // Current region id recorded for this user
  $DbLink3 = new DB;
  $DbLink3->query("SELECT CurrentRegionID from ".C_USERINFO_TBL." where UserID = '".cleanQuery($UUID)."'");
  list($RegionUUID) = $DbLink3->next_record();

  // Display name; $username is assembled here but not read within these lines
  $DbLink2 = new DB;
  $DbLink2->query("SELECT FirstName, LastName from ".C_USERS_TBL." where PrincipalID = '".cleanQuery($UUID)."'");
  list($firstname, $lastname) = $DbLink2->next_record();
  $username = $firstname." ".$lastname;
  
  // Region name for that region id; an empty result means the user is not counted
  $DbLink3 = new DB;
  $DbLink3->query("SELECT RegionName from ".C_REGIONS_TBL." where RegionUUID = '".cleanQuery($RegionUUID)."'");
  list($region) = $DbLink3->next_record();
  if ($region != "")
  {
    $NOWONLINE = $NOWONLINE + 1;
  }
}

// Aggregate counters. These statements are built from table-name constants
// only; no request or row data is concatenated into them.

// Users whose LastLogin is newer than now minus 2419200 seconds (28 days)
$DbLink->query("SELECT count(*) FROM ".C_USERINFO_TBL." where LastLogin > UNIX_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) - 2419200))");
list($LASTMONTHONLINE) = $DbLink->next_record();
 
// Total rows in the users table
$DbLink->query("SELECT count(*) FROM ".C_USERS_TBL."");
list($USERCOUNT) = $DbLink->next_record();

// Total rows in the regions table
$DbLink->query("SELECT count(*) FROM ".C_REGIONS_TBL."");
list($REGIONSCOUNT) = $DbLink->next_record();	
Exemplo n.º 29
    tep_redirect(tep_href_link('profile.php', 'action1=err'));
}
// Create an admin account from the submitted form fields.
// NOTE(review): nothing in these lines checks who may create admins or verifies
// a request token; confirm both happen above this fragment.
if ($action == "add2") {
    // NOTE(review): unsalted SHA-1 is a fast hash and not suitable for password
    // storage. password_hash()/password_verify() is the replacement, but the
    // login check (not shown) has to change together with it. cleanQuery() also
    // runs on the password before hashing, so whatever that helper rewrites
    // becomes part of the effective password.
    $password = sha1(cleanQuery($_POST['password']));
    $username = cleanQuery($_POST['username']);
    $email = cleanQuery($_POST['email']);
    $designation = cleanQuery($_POST['designation']);
    // Every quoted value relies on cleanQuery() (defined elsewhere) for escaping;
    // $date is set outside this fragment.
    $query = "insert into admins (username, password, email, designation, datemodified) VALUES ('{$username}', '{$password}', '{$email}', '{$designation}','{$date}')";
    // The result is not checked: the success redirect is sent even if the insert fails.
    mysqli_query($mysqli, $query);
    tep_redirect(tep_href_link($pagename, 'action1=success'));
}
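// Update an existing admin: profile fields always, the password only when a
// new one was entered.
if ($action == "change") {
    $password = cleanQuery($_POST['password2']);
    $username = cleanQuery($_POST['username2']);
    $email = cleanQuery($_POST['email2']);
    $designation = cleanQuery($_POST['designation2']);
    // Write the submitted username. A fixed literal such as '******' in this
    // position would overwrite the account name on every edit.
    // The id is concatenated unquoted, so it is forced to an integer.
    $query = "update admins set username='{$username}', email='{$email}', designation='{$designation}', datemodified='{$date}' where id=" . (int) $getid;
    mysqli_query($mysqli, $query);
    if ($password != '') {
        // NOTE(review): unsalted SHA-1 is not suitable for password storage;
        // moving to password_hash() requires changing the login check (not
        // shown) at the same time.
        $password2 = sha1($password);
        // Store the computed hash; a fixed literal here would lock the account.
        $query2 = "update admins set password='{$password2}' where id=" . (int) $getid;
        mysqli_query($mysqli, $query2);
    }
    tep_redirect(tep_href_link($pagename, 'action1=success1'));
}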
// Access levels arrive either as an array or as a single value; array entries
// are concatenated without a separator.
// NOTE(review): the value is taken from $_POST without cleanQuery() in these
// lines; how $accesslevelStr is used lies below the visible fragment.
if ($action == "achange") {
    $accesslevelStr = (is_array($_POST["accesslevel2"]) == true)
        ? implode("", $_POST["accesslevel2"])
        : $_POST["accesslevel2"];
Exemplo n.º 30
    // Insert branch for a new `states` row; its opening `if` lies above the
    // visible fragment.
    $heading = cleanQuery($_POST['name']);
    // NOTE(review): if `tablename` is later used as an SQL identifier, quote
    // escaping does not make it safe; it would need an allow-list check. That
    // usage is not visible here.
    $tablename = cleanQuery($_POST['tablename']);
    $pagetitle = cleanQuery($_POST['pagetitle']);
    // NOTE(review): $description is assigned above the visible lines. The edit
    // branch cleans it with cleanQuery(); confirm this branch does as well,
    // because it is concatenated into the INSERT below.
    $description = str_replace("\"../images/", "\"images/", $description);
    $query = "insert into states (name,tablename,pagetitle, description,sitename, datemodified) VALUES ('{$heading}','{$tablename}','{$pagetitle}','{$description}', '" . cleanQuery($_POST['sitename']) . "', '{$date}')";
    // The result is not checked: the success redirect is sent even if the insert fails.
    mysqli_query($mysqli, $query);
    tep_redirect(tep_href_link($pagename, 'action1=success'));
}
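// Update an existing `states` row from the submitted form fields.
if ($action == "edit") {
    // Every quoted value below relies on cleanQuery() (defined elsewhere) for
    // escaping; a prepared statement would remove that dependency.
    $access = cleanQuery($_POST['access']);
    $description = cleanQuery($_POST['description2']);
    $heading = cleanQuery($_POST['name']);
    // NOTE(review): if `tablename` is later used as an SQL identifier, quote
    // escaping does not make it safe; it would need an allow-list check. That
    // usage is not visible here.
    $tablename = cleanQuery($_POST['tablename']);
    $pagetitle = cleanQuery($_POST['pagetitle']);
    // Rewrites editor-relative image paths; runs after cleaning and only
    // replaces text that follows a double quote.
    $description = str_replace("\"../images/", "\"images/", $description);
    // The id sits in the statement unquoted, so quote-escaping could never
    // protect it: force it to an integer wherever it is concatenated.
    $query = "update states set description='" . $description . "',access='" . $access . "', sitename='" . cleanQuery($_POST['sitename']) . "',tablename='" . $tablename . "',pagetitle='" . $pagetitle . "',  name='" . $heading . "',   datemodified='" . $date . "'  where id=" . (int) $getid;
    mysqli_query($mysqli, $query);
    tep_redirect(tep_href_link($pagename, 'action1=success&id=' . (int) $getid));
}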
include "includes/styles.php";
?>
<script language="javascript">
 function checkval(form)
  {
    if(form.name.value=="")
    {
     alert("Please enter State name");form.name.focus();
     return false;
    }
	if(form.tablename.value=="")
    {